The EU passed the Data Retention Directive
years ago, a law that demands ISPs and search engines hold onto data
long enough to help the cops (but not long enough to cause privacy
problems). But Sweden never passed it into national law, and the
European Commission has now sued the country to make sure a bill
appears.
The
European Commission has moved to sue Sweden after the Nordic state
failed to implement the EU's Data Retention Directive in a timely
fashion.
The Directive was passed back in 2006 and requires all EU member
states to implement some form of data retention legislation, with terms
of six month to two years. National laws were to be in place by March
of this year, but Sweden still has yet to introduce a bill of its own.

Internet providers and search engines would all need to retain user
data and IP addresses so that law enforcement would have a window of
time in which to access that information during investigations.

According to Swedish newspaper Svenska Dagbladet,
the Swedish government does plan to introduce legislation in the next
month or two, asking for a six-month retention period. Why hasn't it
happened yet? Because the Swedish Justice Ministry has been busy. Also,
it's not Justice Minister Beatrice Ask's "favorite project."

The legislation, whenever it appears, will put more pressure on
various ISPs that offer anonymity to their users. Beginning April 1,
2009, ISPs in Sweden had to implement the Intellectual Property Rights
Enforcement Directive (IPRED), which meant that they could be forced to
turn over user account information in some legal cases.

ISPs like Sweden's Bahnhof responded to IPRED
by simply deleting all their data on a regular basis—a perfectly legal
move. But when the Data Retention Directive goes into effect, that
option will be taken off the table.

Beatrice Ask also says that the process of introducing a bill has
been slowed by all the consultation the government has been doing.
Which makes sense, since data retention is a sticky wicket for
Europeans, who have generally focused on getting ISPs and search
engines to store less user data (and for less time).

When all the European countries meet their national Data Retention
Directive obligations, the continent will have made it illegal to
delete data too quickly, and illegal to store it for too long.